In a doomsday cyber attack scenario, answers are unsettling
Reporting from Washington — The crisis began when college basketball fans downloaded a free March Madness application to their smart phones. The app hid spyware that stole passwords, intercepted e-mails and created havoc.
Soon 60 million cellphones were dead. The Internet crashed, finance and commerce collapsed, and most of the nation’s electric grid went dark. White House aides discussed putting the Army in American cities.
That, spiced up with bombs and hurricanes, formed the doomsday scenario when 10 former White House advisors and other top officials joined forces Tuesday in a rare public cyber war game designed to highlight the potential vulnerability of the nation’s digital infrastructure to crippling attack.
The results were hardly reassuring.
“We’re in uncharted territory here,” was the most common refrain during a three-hour simulated crisis meeting of the National Security Council, the crux of the Cyber Shockwave exercise.
Joe Lockhart, former press secretary to President Clinton, urged his fellow panelists to be bold. “Trust me,” he said, “you will be judged on this when this is over, and for years to come.”
The panelists apparently took him to heart and, as the scenario unfolded, tossed out ways to maintain order -- including nationalizing industries, rationing fuel and snatching suspects overseas.
The public rarely gets a peek at government war games. If Tuesday’s no-cliche-left-behind version at times resembled a sci-fi thriller, no one doubts that the peril to telecommunications and other crucial computer-run systems is real and growing.
Dennis C. Blair, the director of national intelligence, this month warned the Senate Intelligence Committee, “Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication.”
Google, for example, recently disclosed what it called a “highly sophisticated and targeted attack” originating in China in mid-December on its search engine infrastructure and e-mail, as well as on at least 20 other companies. China’s government denied any role in the shadow attacks.
Attacks on government networks are also ubiquitous. According to a 2008 report by the nonprofit Center for Strategic and International Studies, NASA and the departments of Defense, Homeland Security and Commerce “all suffered major intrusions by unknown foreign entities” the previous year.
“The unclassified e-mail of the secretary of defense was hacked, and [Defense Department] officials told us that the department’s computers are probed hundreds of thousands of times each day,” the report said.
President Obama has pledged to secure the nation’s vital computer networks and created a White House office to coordinate cyber security.
In December, the Homeland Security Department released a draft plan to designate roles and responses to potential attacks or mischief.
However, the worst-case scenario presented in a Washington hotel ballroom Tuesday would almost certainly overwhelm the administration’s proposed cyber defenses.
It began with the March Madness college basketball postseason tournament application, but then an unidentified insider apparently sabotaged the software patch, making the problem far worse.
As the war game unfolded, the attack was traced to computer servers in Russia, and then to an unnamed individual in Sudan. For reasons never explained, homemade bombs exploded by electric power stations and gas pipelines in Tennessee and Kentucky.
And a monster Category 4 hurricane slammed into the Gulf Coast.
Michael Chertoff, who played the national security advisor in the exercise, had some relevant experience to draw on. He headed the Homeland Security Department when Hurricane Katrina struck in 2005.
“We need to know how to deal with this,” Chertoff declared at the start of the session. “The biggest danger,” he added, “is if we’re ineffective.”
The event was sponsored by the Bipartisan Policy Center, a Washington-based group headed by Thomas H. Kean and Lee H. Hamilton, who co-chaired the 9/11 Commission. The scenario was developed by Georgetown University and several companies, including PayPal. The session will be aired later on CNN.
None of the panelists knew the scenario in advance. Chertoff moderated the debate as others flanked him at tables that formed a V. An audience of industry executives, current and former government officials, and think tank experts watched and occasionally chortled as the group struggled to respond.
The panel sometimes learned the latest developments from fake TV bulletins that appeared on giant screens behind them.
And sometimes they didn’t. One broadcast noted that the Federal Aviation Administration had grounded all planes. More than 20 minutes later, the supposed presidential advisors were still discussing whether to do just that.
The former officials all gave a spirited performance.
Stewart Baker, former general counsel of the National Security Agency, said the White House should shut down cellphone networks even if no law specifically allowed it.
“We will be criticized if we don’t do everything we can,” said Baker, who played national cyber coordinator. “We can straighten out the [legal] authorities over time.”
Chertoff later asked if the military could help. “I don’t want to seem like a legal Nervous Nellie,” he said.
Jamie Gorelick, who was a member of the 9/11 Commission, suggested that intelligence agents kidnap the alleged perpetrator, if necessary, to bring him to justice. “We have authority to do renditions,” she said.
“Can’t you just mug him and take the stuff?” Baker asked.
Frances Fragos Townsend, who served as counter-terrorism advisor in the George W. Bush White House, called for rationing of gasoline and other crucial supplies if necessary.
Charles F. Wald, a retired Air Force general who played Defense secretary, called for military retaliation if another government were involved in the attack. “I think through our offensive cyber capability we could take some significant action,” he said.
John D. Negroponte, who spent most of his career as a diplomat before becoming the first director of national intelligence, urged a diplomatic approach. “We’ve got to sit down with these people,” he said.
Stephen Friedman, who served as director of the National Economic Council under President Bush, declared the attack “a massive blow to the solar plexus of the economy.”
“I’m not hearing any answers here as to how to fix this,” he added.
John McLaughlin, who was deputy director of the CIA during the run-up to the 2003 invasion of Iraq, suggested maximizing use of intelligence assets -- and perhaps nationalizing electric power companies.
“We can turn the [National Security Agency] loose on this problem, and gather tons and tons of information, gigabytes beyond imagination,” he promised.
In the end, no grand plan emerged, but the group did agree to advise the president to federalize the National Guard, even if governors objected, and deploy the troops -- perhaps backed by the U.S. military -- to guard power lines and prevent unrest.